Lab 8 - Further adventures in penetration testing

Goal

Our goal with this lab is to continue to see and experience the processes involved in doing a complete penetration test. In particular, we want to see how to use the vast selection of Internet resources to cut right through the perimeter of a system with open vulnerabilities.

Steps

Step 1: Exploiting Distributed C Compiler

Go to yet another instance of the Metasploitable tutorial here: Part 4.

Complete the exploit on the distributed C compiler.

Questions:

The tutorial does not mention how to find the exploit (CVE-2004-2687). What specific search string does it take to find the needed information?

What website provides the information needed to know how to proceed with the exploit?

It turns out this is a REJECTED entry in the NIST National Vulnerability Database. Look up this exploit, find the replacement code, and report it here. What is the nature of the vulnerability as defined in the NIST National Vulnerability Database?

Use the exploited distcc shell to find all open ports on the other system. Here are instructions on how to use the netstat command: Using Netstat. What are your results, e.g., which ports are open?

Questions:

Step 3: Exploring Nessus Bridge

Questions:

Look up Nessus and give an overview of what it is. What specifically is the Nessus Bridge?

Why are you warned against this particular scan? What is the nature of the problem?

The critical operation here is to find a way to escalate a normal privilege account (user) into root-level access. This activity uses SCP to move some source code to the victim machine. What is UDEV? What are we doing by compiling a new version on the victim?

Characterize this general class of vulnerability. How can we protect against it?